At each of the American Bar Association Business Law Section’s spring and fall meetings, the Pro Bono Committee organizes a panel roundtable, featuring local speakers whose pro bono work has a strong connection to the host city. In April, the Committee presented a program at the Spring Meeting in New Orleans focusing on identifying and conquering common impediments to pro bono service. Among the panelists were Kristen Amond, founder of Kristen Amond LLC; Christina (C.C.) Kahr, executive director of New Orleans organization The Pro Bono Project; Chris Ralston, partner at Phelps Dunbar LLP; and George Whipple, member of the board of directors and member of the firm at Epstein Becker Green.
The legal profession, as an independent pillar of American democracy, has always honored its commitment to pro bono services. With the current U.S. political landscape introducing new challenges for lawyers in the pro bono and social impact space, this discussion was invaluable.
The program highlighted the inspirations behind the panelists’ commitments to pro bono services and philanthropy, especially for Louisiana citizens who face not only the familiar issue of funding shortages for civil legal aid and public defender services but also unique challenges due to the constant battle against natural disasters. Ralston, who has offered pro bono assistance in Southeast Louisiana for seventeen years and held leadership positions at several legal aid provider organizations and the Access to Justice Commission, shared that his dedication to this work was due to the region’s history of having a significantly high population of people in poverty. Amond, a litigation attorney with strong Louisiana roots, recognized early in her career that “the legal profession is a profession as opposed to an industry,” so a lawyer’s role and responsibility to communities “run deeper.”
At the heart of the discussion was the challenge of identifying and overcoming the impediments to getting pro bono volunteers. Panelists noted that skills building should be a strong incentive for young lawyers to engage in pro bono work because they could develop competency in areas such as client interviewing, gain time in court or exposure to depositions, and learn from other opportunities that may be outside their wheelhouse. One of the greatest obstacles, however, is that lawyers lack a pathway to fully commit to pro bono work in a meaningful way when they are bound by demanding billable hours. Whipple, whose law firm runs a robust pro bono program, leads three family foundations. He advocates for law firms to increase the percentage of billable hours dedicated to pro bono activities and for legal aid provider organizations to provide more transparency regarding expectations and appropriate types of pro bono assignments to ensure lawyers spend a reasonable amount of time to make real, tangible contributions.
Kahr, discussing her leadership at The Pro Bono Project, talked about her partnerships with the legal community to provide aid for Louisianans in need of legal representation. It was here that she witnessed and was “struck by how the legal community could make things happen, could move the needle . . . and the real tangible and pragmatic benefits” that came from this close collaboration. This part of the discussion led to an engaging interaction among those in the room, who recognized an untapped demand for transactional lawyers to contribute to pro bono work and that these opportunities are not limited to litigation. For instance, corporate lawyers could help nonprofit organizations, like The Pro Bono Project, to comply with rules and regulations, advise on a wide range of business legal issues, provide helpline assistance, or even offer notary services, without needing to go to court.
The ABA Business Law Section presents the National Public Service Award annually as part of its efforts to recognize significant pro bono legal contributions of law firms, corporate law departments, and individual business lawyers. This year, the Pro Bono Committee proudly presented the 2025 National Public Service Award to two exceptional recipients, Wilson Sonsini Goodrich & Rosati and Tara K. Burke, for their outstanding pro bono contributions. From supporting minority-owned small businesses and nonprofit organizations, to advising social enterprises across Africa and helping secure life-saving healthcare access for veterans, Wilson Sonsini’s global dedication to advancing equity and justice is truly inspiring. Burke, through her leadership in Exponentum’s National Webinar Series and continued service with the Pro Bono Partnership of Ohio, has helped hundreds of non-profit organizations across the country access critical employment law guidance—freeing up their resources to focus on serving their communities.
The next Pro Bono Committee panel roundtable will be held at the ABA Business Law Fall Meeting in Toronto on September 19, 2025.
The panel discussed in this article was moderated by the author, Pam Ly, an ABA Business Law Fellow and Senior Analyst at the Financial Industry Regulatory Authority.
This is the sixth installment in the Year in Governance Series from the In-House Subcommittee of the ABA Business Law Section’s Corporate Governance Committee. Each month, the series will share key tips on a different corporate governance topic. To get involved in the Corporate Governance Committee, please visit the committee’s webpage.
A message from Kathy Jaffari: “As Chair of the Corporate Governance Committee, I would like to extend my sincere appreciation to the authors for this publication. The Corporate Governance Committee has ongoing opportunities for writing and volunteering with various projects, whether it’s an article you want to publish or a CLE that you want to present. Our Committee is dedicated to helping you promote informative resources for corporate governance practitioners. You may contact me at [email protected] to get involved.”
Whether it’s for a regular meeting of a board of directors or a special meeting, a public or private company, a well-crafted agenda provides a road map for your board to be informed, engaged, and strategic. Thoughtful agenda drafting facilitates efficient and productive meetings, limits waste of meeting participants’ time and energy (both in preparation and during the meeting), and ultimately helps your board fulfill necessary governance requirements.
Understand the “why.” Each item on the agenda should have a purpose. When planning, ask yourself if the item is for approval, discussion, or awareness. Understanding the “why” behind each item will help you determine the presenters, time allocation, and priority in the meeting flow. In addition, a clear purpose helps directors prepare appropriately in advance and stay engaged during the meeting.
Consider the list of attendees. Attendees at each meeting should be carefully selected. Whether attendees are senior leadership, auditors, counsel, board support, or external speakers, their presence should be placed logically and efficiently. It’s important that each attendee add value to the discussion and not just fill a seat—or worse, inhibit discussion. Often topics with guest presenters are scheduled at the beginning of the agenda so they can leave the meeting after their presentation, preserving time for the board to discuss on its own. Also, note who should be in the room when the board is receiving legal advice, as the presence of participants not directly involved in the matter may compromise attorney-client privilege.
Prioritize topics. Determine which topics should have priority and how their overall flow impacts the meeting. Strategy, operating results, major investments, and risk oversight are more important topics than routine compliance and governance updates. Place topics that require the most attention within the first hour, when directors are most engaged. Defer routine items to the end of the agenda or to the read-only section. Certain foundational topics should be placed earlier in the agenda if the plan is to build upon the content in later presentations. Often, it’s easier to keep all approvals at the end of the meeting to avoid disrupting the discussion flow.
Timing is everything. The time allocated for each agenda item is important. Reserve more time for significant or complicated items, and build in buffers for unexpected discussion. Thoughtful time allocation also helps directors understand the importance of each item from leadership’s point of view. Take learnings from previous meetings and adjust accordingly. If a particular topic consistently runs over, reassess how much time to allocate to the same topic in future meetings. Also, remember that agendas are discoverable documents. Weighty items, like risk oversight, should not be allocated a small amount of time or placed in a read-only section.
Review with stakeholders. The board agenda should be previewed with the chairman of the board, and the committee agendas should be previewed with the committee chairs. Additionally, key members of leadership are essential in driving the board agenda, including the chief executive officer and the general counsel and secretary. Each committee also has critical stakeholders to consider: For the audit committee, the chief financial officer and chief accounting officer play significant roles. For the compensation committee, the head of human resources and the head of executive compensation play significant roles. The corporate secretary should ensure that all the right stakeholders weigh in on each agenda as appropriate. Remember to include any external stakeholders as appropriate—for example, independent auditors or compensation consultants—and be sure to start the review process weeks in advance of the scheduled meeting.
Make efficient use of a read-only section. Read-only sections are the perfect place to include material that you want your board to know and understand but that does not require a formal discussion. Common items in read-only sections include dashboards, summaries on discrete issues, and background reports. When planning, be sure to remind presenters that they may include material in the read-only section that can supplement the content in their main presentation. Remember to advise directors to read these materials; directors are deemed to have knowledge of these materials if later produced in a litigation or board records request, regardless of whether it was part of the main discussion.
Destroy drafts. Agenda drafts are discoverable documents and are typically included in the bundle of documents produced in a stockholder demand for books and records. As a result, it’s imperative that the only version of the agenda discoverable is the final version shared with the board or board committee. If drafts are available and subsequently produced, changes in topics, timing, and participants could lead to incorrect assumptions about why certain items or presenters were changed.
Utilize board and committee planners. When crafting agendas, use an annual board or committee planner that can help you visualize the timing of topics throughout the year. Schedule deep dives on important topics like cybersecurity, succession planning, and crisis management purposefully and predictably. This helps set expectations both at the board level and with your senior leaders. Prioritize certain topics over others depending on business needs, requests from directors, or leadership’s preference.
Hone descriptions of topics. Agenda descriptions should be precise and simple. Be sure to indicate if an item will require approval. Vague terms like “review” or “update” without an additional description may lead to a disconnect between the presenter and the board. Well-written descriptions enhance transparency and can also help in reviewing corporate records in future years.
Note deviation from the agenda in the minutes. Despite a well-planned agenda, it’s natural for changes to happen. For example, a presenter may be running late, so their item is moved to another section of the agenda, or the board decides to skip an item because it wants to allocate more time to another. Changes are fine. However, it’s important to document these changes in the minutes, so in the future, there are no discrepancies between the agenda and the minutes. There should be no room to guess what was discussed, when it was discussed, with whom it was discussed, and for how long, so be sure the minutes capture any changes.
The views expressed in this article are solely those of the authors and not their respective employers, firms, or clients.
The Federal Trade Commission (“FTC”) has agreed to accept the new administration’s first settlement of a merger-enforcement challenge. The settlement includes the divestiture of three businesses and will allow Synopsys, Inc. to complete its $35 billion acquisition of Ansys, Inc.
The statement points to both practical and substantive factors as guideposts for the FTC’s decisions, including impact of a settlement proposal on litigation, ability to fashion a remedy that is structural (not behavioral), quality of the asset package available for divestiture, and strength of the proposed divestiture buyer.
The Merger
The parties’ product portfolios are mostly complementary. Synopsys largely offers electronic design automation (“EDA”) software, services, and hardware used to design semiconductor devices, such as chips, and offers semiconductor intellectual property. Ansys mostly offers multiphysics simulation and analysis software and services to simulate and analyze the behavior of a product, process, or system using digital models. Some of these EDA tools are used by chip designers. The firms characterized the merger as the logical next step given their history of collaboration.
According to publicly available information, the parties filed the merger notifications in the UK and Europe in November 2024 before filing in the United States on January 29, 2025.
Theories of Harm
The FTC complaint alleges that Synopsys and Ansys are the only two competitors in optical software tools and that the transaction “would give Synopsys the ability to determine input prices for producers of screens, lenses, and mirrors, including automotive, smartphone, camera, and television manufacturers.” With respect to photonic software used for designing and simulating photonic devices, Synopsys and Ansys are head-to-head competitors and view each other as their closest competitor despite the presence of other competitors. Similarly, each party considers the other its closest competitor for Register Transfer Level (“RTL”) power consumption analysis tools, and market participants recognize them as such. For example, Synopsys and Ansys have each innovated their products in direct response to competition from the other.
The Settlement
The UK and the EC provisionally accepted the parties’ proposed remedy on January 8 and January 10, 2025, respectively. Although not yet final because the settlement remains subject to the public comment period, the FTC describes the consent order as “preserv[ing] competition across several software tool markets that are critical for the design of semiconductors and light simulation devices, which are used in a wide range of products.” Specifically, Synopsys will divest its optical software tools and photonic software tools, while Ansys will divest PowerArtist, a power consumption analysis tool. The settlement will also require the companies to provide a “limited amount” of technological support and transition services to the divestiture buyer so that it can immediately compete with the merged company.
FTC Chair Ferguson issued a statement, which was joined by the two other commissioners, to explain his views on the role that remedies should play. Key points of the statement include the following:
Litigation is the only tool that the agency has to prevent anticompetitive acquisitions.
Although, in the past, not all merger remedies have been effective, they must be an option for the FTC.
Only settlements the agency believes are certain to address the proposed transaction’s anticompetitive effects are acceptable.
The commission intends to publish a policy statement on its understanding of the role of remedies.
The statement indicates the agency should not disregard proposed settlements that would address a merger’s competition problems, because the parties can present that settlement as a remedy to the court during litigation. Courts often consider whether the proposed remedies would alleviate the competition concerns raised by the challenged transaction. Chair Ferguson acknowledges that even inadequate settlement proposals can complicate the agency’s litigation efforts and substantially increase its risks. To avoid relegating the judgments about the acceptability of remedies to the parties to the transaction and the courts, the FTC will not preclude the potential for consent agreements such as that proposed by Synopsys and Ansys.
Additionally, given the expense and staff time necessary to litigate antitrust cases, refusing to settle merger cases unnecessarily limits the impact that the FTC can have with its finite resources.
The statement also makes clear that the agency should only accept settlements when it is confident that the settlement will protect competition “to the same extent that successful litigation would.” As with prior administrations, behavioral remedies will be disfavored in merger matters. Also, structural remedies should typically involve the sale of a standalone or discrete business and all tangible and intangible assets necessary (1) to make that line of business viable, (2) to give the divestiture buyer the incentive and ability to compete vigorously against the merged firm, and (3) to eliminate to the extent possible any ongoing entanglements between the divested business and the merged firm. The agency needs also to be confident that the divestiture buyer has the resources and experience necessary to make the business competitive.
Although the statement acknowledges that “settlements, where they resolve the competitive concerns that a proposed transaction creates, save the commission time and money that it can then deploy toward other matters,” Chair Ferguson explains that he would favor litigation over an uncertain settlement.
In recent years, there has been a surge in use of cooperation agreements (“Coop Agreements”) in US restructurings. This article provides a high-level overview of basic terms and trends with respect to Coop Agreements. The dramatic increase in use of Coop Agreements by ad hoc groups of lenders has arisen primarily as a reaction to excluded lenders being caught on the wrong end of a non–pro rata liability management exercise (also known as “creditor-on-creditor violence”). Liability management exercises (“LMEs”) often result in significant disparity of returns for lenders participating in the LME versus nonparticipating lenders, thereby creating an incentive for lenders to not be excluded from an LME.
An LME generally refers to a transaction whereby a borrower/sponsor and certain lenders take advantage of loose loan document provisions to create liquidity, often to the detriment of nonparticipating lenders. The two main types of LMEs utilized are (i) drop-down transactions (whereby key assets are moved into unrestricted/nonguarantor entities, followed by new financing secured by those assets); and (ii) uptier transactions (whereby a subset of lenders elevate their position over other lenders, often evading requirements for pro rata sharing through utilization of an exception).
Coop Agreements have become an integral tool used by ad hoc groups of lenders within a syndicate to protect themselves from being excluded from a potential LME. At their core, Coop Agreements are agreements among an ad hoc group of lenders (each a “Coop Party”), in which such Coop Parties unite with the goal of obtaining a favorable restructuring transaction with a stressed or distressed company to restructure the company’s indebtedness. The key component of Coop Agreements is providing pro rata treatment on the underlying, ultimate transaction among the participating Coop Parties. Hence, lenders may become a party to the Coop to minimize their downside risk of being an excluded lender and receiving non–pro rata treatment.
Coop Agreements often act as a foundational step upon which an LME transaction is devised and will position Coop Parties to negotiate directly with a stressed borrower. Oftentimes the net result of a Coop Agreement is the consummation of an out-of-court transaction support agreement or an in-court restructuring support agreement. Typically, a Coop Agreement will only become effective once the Coop Parties hold a majority of the underlying debt of the borrower. Holding a majority of the debt ensures that the Coop Parties will have “requisite” creditor control under the loan documents to facilitate an LME with the borrower (including potential amendments to underlying loan documents). It is important to note that Coop Agreements are only among creditors—the borrower does not sign the Coop Agreement. This ties into the construct that once the Coop Parties hold a majority of the debt, such parties will be well positioned to negotiate with the borrower.
Under a Coop Agreement, a Coop Party agrees not to enter into a transaction with the borrower away from the other Coop Parties. Once a Coop Party signs onto a Coop Agreement, then any potential transaction to be entered into with the borrower by such Coop Party must be offered to the rest of the Coop Parties for so long as such party is subject to the Coop Agreement. However, entry into a Coop Agreement does not require a Coop Party to participate in an ultimate transaction approved by such group with the borrower. Thus, if you are a party to a Coop Agreement but do not like a transaction proposed by the majority of the group under the Coop Agreement, you are typically not required to participate in such transaction.
To restrict the effect of a Coop Agreement, some sponsors have tried inserting restrictions in loan documents prohibiting creditors from joining Coop Agreements. To date, the author believes most sponsor efforts to insert prohibitions against lenders’ forming cooperation groups have been successfully resisted. However, lenders should continue to be on the lookout for provisions inserted by aggressive sponsors trying to limit the ability of lenders to form cooperation groups.
Coop Agreements typically include transfer restrictions ensuring that, if a Coop Party sells or transfers its debt, the transferee (i) is already a Coop Party; (ii) executes a joinder; or (iii) is acting as a qualified market maker. These restrictions ensure that if a Coop Party exits its position, the Coop Parties in the aggregate maintain the requisite “required holders” status necessary to make amendments to facilitate an LME.
It is important to recognize that not all Coop Parties are treated equally. Coop Agreements often differentiate between “initial parties” and “subsequent parties,” and the economics for each may be materially different. Generally, an “initial party” receives both (i) its pro rata share of the underlying economics of an ultimate transaction (e.g., if the ultimate transaction allows a Coop Party to sell its existing debt to the company for senior priming debt at a rate of 75 percent, then a signatory with a $100 existing claim can sell its $100 claim for $75 of priming debt); and (ii) the right to participate pro rata in any new money financing, backstop, and related premium and fees. In contrast, a “subsequent party” may only receive its pro rata share of the ultimate transaction. Nonparties may also be offered the opportunity to exchange their debt, albeit at a lower exchange rate than initial parties or subsequent parties. Hence, you often have three levels of recovery in an LME emerging from a Coop Agreement: (i) initial parties (who get the best recovery); (ii) subsequent parties (who get the second-best); and (iii) excluded parties (who get the worst).
The considerations discussed in this introductory article are intended to provide a basic high-level primer for those who are not familiar with Coop Agreements. Any potential signatory to a Coop Agreement should carefully review the underlying terms to ascertain the implications for its particular situation and potential recovery and should consider seeking experienced independent counsel to assist in such determination.
Artificial intelligence (“AI”) is a rapidly evolving field focused on developing machines capable of performing tasks that traditionally require human intelligence. These tasks include learning, problem-solving, reasoning, perception, and language understanding. Not all AI systems are equal, as they vary in complexity and functionality, and some AI systems have existed for years yet only now are receiving the attention they deserve.
AI has become an integral part of everyday life, utilized in appliances, vehicles, mobile phones, and various software applications, and it is directly accessible to consumers via the web. However, despite AI’s accessibility, its capabilities are poorly understood by the general public. In the legal field, due to AI’s widespread integration into various systems—whether for personal use, employee applications, or client interactions—it is crucial to understand how AI operates, appreciate its benefits, recognize its inherent legal and corporate compliance risks, and master risk-mitigation strategies for AI use in this brave new world.
How AI Works
The primary categories of AI systems include rule-based AI, machine learning, deep learning models (“DLM”), natural language processing (“NLP”), generative AI, and reinforcement learning models. To better understand considerations for AI use and discuss them with more nuance, it is helpful to distinguish between these foundational models.
Rule-based AI follows a strict “if-then” decision-making system. Commonly seen in customer service chatbots, it operates based on predefined instructions, much like a flowchart or recipe, where a specific input triggers a set response.
Machine learning identifies patterns in data and improves its decision-making over time. Netflix’s recommendation system, for example, uses machine learning to refine content suggestions based on user preferences and viewing history.
Deep learning models (DLM) are an advanced form of machine learning that mimics human brain functions to process information. Tesla’s Full Self-Driving and Autopilot features utilize DLM to analyze real-time road conditions and improve driving performance with experience while connecting to a central hub or technological brain center.
Natural language processing (NLP) enables computers to understand and respond to human language, both spoken and written. Virtual assistants like Siri and Alexa rely on NLP to interpret questions and provide relevant answers.
Generative AI creates new content, such as text, images, or music, based on patterns learned from existing data. For example, ChatGPT generates human-like responses, while AI-powered art programs, like Midjourney, produce original visual content.
Reinforcement learning operates on a reward-and-penalty system, much like training a dog. These AI models learn through trial and error, improving their decision-making based on feedback.
For this article’s purposes, we will focus on next-generation models that meet the minimum thresholds of NLP and generative AI. Specifically, we will examine hybrid AI models in corporate settings, such as recurrent neural networks, convolutional neural networks, and transformers / large language models like ChatGPT.
Benefits
AI’s applications extend far beyond grammar correction and content summarization. Hybrid AI models are increasingly embedded in corporate environments for applications such as quality control, e-discovery, document review, risk mitigation, recruitment and onboarding, and fraud detection. Businesses leverage AI to ensure compliance with international laws, local regulations, and internal policies. Pain points and gaps within preexisting policy or regulations also become minimized as AI can detect and provide supplemental standards while simultaneously enhancing efficiency. AI is also used to identify trends and calculate statistical probabilities within complex datasets.
The rapid integration of AI into corporate settings is accelerating, with no signs of slowing down. Those in the legal profession have numerous opportunities to capitalize on AI’s capabilities, making it essential to understand where and how AI operates within the profession.
Risks and Legal Considerations
Despite AI’s benefits, significant risks accompany its use. Bias and legal concerns can arise from the data sources used to train these complex models. Limited or siloed training datasets can create inherent biases, leading to skewed outputs. For example, if historical data used to develop an AI model lacks diversity, the AI will reflect those limitations in its responses. Even open data reservoirs connected to the web can introduce inaccuracies or misinformation. Additionally, models trained on copyrighted or proprietary materials pose risks of intellectual property infringement and accidental plagiarism.
Authentication has grown far more difficult as these AI-based systems have advanced, allowing malicious actors to capitalize on the authentication gap and opening the door to other evasive tactics. For example, AI can be exploited to create or mimic contracts, agreements, and other legal or company documentation. Misinformation and deepfake technology present additional high-risk threats. AI can generate fraudulent press releases, create bots to plague corporate social media accounts, produce fake customer reviews, and create voice-cloned content—leading to financial and reputational damages.
Legal cases such as Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence Inc.[1] have set groundbreaking precedents regarding the application of copyright laws in AI training. In a decision in this case in February, for the first time, a court declined to allow the application of the fair use doctrine to AI-produced outputs related to use of copyrighted original content. As the judiciary undergoes internal struggle in applying case law and regulatory standards to AI-related cases, which may not smoothly fit the historical mold, attorneys need to pay attention to new judicial interpretations of historically tested case law and statutes.
AI’s presence has not only rocked the judiciary but has also changed the way that lawyers conduct their own work, raising practical and ethical concerns about the usage of AI in the legal industry that have been discussed in ethics opinions or guidance from the American Bar Association and many state bars. Two key examples:
Lawyers are using generative AI to submit briefs, some of which have contained AI hallucinations—that is, citations of cases that never existed. This has resulted in numerous sanctions and efforts by the judiciary to address lawyers’ misuse of AI.
Lawyers are leveraging AI to prepare privilege logs, creating a potential scenario for inadvertently disclosing privileged information when they feed sensitive data into AI systems. Courts have raised confidentiality and ethical concerns over this practice.
Ethical and confidentiality concerns exist not only in the courts but also at varying corporate levels. With generative AI providing content, we have started to see major challenges to authorship and ownership rights. Furthermore, the information kept and stored by companies and how AI and/or the corporations use that information can also begin to blur our traditional understandings of corporate liability and responsibility.
Legal Hypotheticals
Two legal scenarios can help illustrate AI’s complexities:
The Black Mirror Conundrum. A company’s terms and conditions grant it extensive rights over user data, including the ability to create AI-generated content based on customer likenesses and behaviors. This raises questions about disclosure sufficiency and the legality of profiting from personal data.
The Double Cross. A fraud protection company uses client data to enhance its AI algorithms across multiple banking customers. This scenario raises questions as to whether such data usage violates contractual agreements, whether AI-generated insights constitute proprietary content, and whether or not there is a clear divide between original source data to train AI models and the output data that the models create.
These hypotheticals highlight the risks of AI by questioning the legality of using customer/consumer data to produce content that the business uses for its own purposes, whether for pecuniary gain or not. They also bring attention to ethical and contractual implications of leveraging client/employee data to enhance AI models across multiple entities. Most importantly, these hypotheticals bring to light the numerous legal gray areas that we may soon have to navigate—and that some already are navigating.
AI Risk-Mitigation and Forensic Considerations
It is critical for businesses to know how AI works before they begin to leverage it. However, the controls in place to govern its use are just as important. Leveraging AI can enhance productivity and innovation; however, it also introduces new risks that must be proactively addressed. To that end, robust governance frameworks are crucial to mitigating unauthorized or unethical AI usage.
Businesses can significantly reduce exposure to AI-related risks by implementing comprehensive compliance measures, such as Employer Device Management (“EDM”) and Mobile Device Management (“MDM”) systems. These technologies enable organizations to regulate access to AI tools and third-party applications across various devices—including computers, tablets, and mobile phones. With customizable access controls, companies can restrict usage to approved platforms and simultaneously monitor user activity beyond corporate domains, ensuring traceability and accountability.
In the event of litigation or internal investigations, these systems facilitate efficient application of legal holds and data recovery processes. By maintaining control over corporate and employee-owned devices, EDM and MDM technologies allow for secure data preservation while minimizing the need for costly and time-consuming physical device collections. Importantly, they also support privacy-preserving mechanisms, balancing investigative needs with employee data protection.
For organizations lacking centralized device management infrastructure, it is imperative to understand where AI-related data may reside. Beyond conventional storage mediums—such as hard drives, flash drives, and solid-state drives—many AI platforms store user queries and interactions in the cloud. While access to this data often requires user logins, some platforms allow anonymous interaction, complicating attribution. In such cases, forensic examiners rely on alternative artifacts including browsing histories, system activity logs (e.g., file creation, copy and paste events), and audit trails to trace AI usage. These indicators, recoverable through forensic imaging, can include both active and deleted data depending on the scope of forensic acquisition.
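As an added illustration of the browsing-history artifact described above (not part of the original article), the following sketch lists visits to AI platforms recorded in a Chromium-style History database. The `urls` and `visits` table and column names follow Chromium's History schema; the database rows, the watch-list hostnames, and the function names are constructed for this example.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Chromium stores visit_time as microseconds since 1601-01-01 UTC,
# not as a Unix timestamp, so it must be converted before reporting.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Hypothetical watch list; a real one comes from the organization's AI policy.
AI_HOSTS = {"chat.ai-platform.example", "assistant.genai.example"}


def webkit_to_utc(microseconds):
    """Convert a Chromium timestamp to an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def utc_to_webkit(dt):
    """Inverse conversion, using integer arithmetic to avoid float rounding."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def build_sample_history():
    """Constructed in-memory database with the two Chromium tables used here."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
                             visit_time INTEGER);
    """)
    base = datetime(2025, 3, 3, 14, 0, tzinfo=timezone.utc)
    rows = [  # (url id, url, title, visit offsets in minutes) - all constructed
        (1, "https://chat.ai-platform.example/c/1", "New chat", [0, 45]),
        (2, "https://intranet.corp.example/wiki", "Wiki", [10]),
        (3, "https://assistant.genai.example/session?id=7", "Assistant", [90]),
        # Look-alike host: contains a watched name but is a different site.
        (4, "https://chat.ai-platform.example.other.example/", "Login", [95]),
    ]
    for url_id, url, title, offsets in rows:
        times = [utc_to_webkit(base + timedelta(minutes=m)) for m in offsets]
        db.execute("INSERT INTO urls VALUES (?,?,?,?,?)",
                   (url_id, url, title, len(times), max(times)))
        db.executemany("INSERT INTO visits (url, visit_time) VALUES (?,?)",
                       [(url_id, t) for t in times])
    return db


def ai_visits(db, hosts=AI_HOSTS):
    """Return (utc_time, host, url) for every visit to a watched host, oldest first.

    Only live rows are read; deleted records require carving from the image.
    """
    cur = db.execute(
        "SELECT v.visit_time, u.url FROM visits v "
        "JOIN urls u ON u.id = v.url ORDER BY v.visit_time")
    hits = []
    for visit_time, url in cur:
        # Match on the exact hostname, not a substring, so that look-alike
        # domains are not attributed to an AI platform.
        host = (urlsplit(url).hostname or "").lower()
        if host in hosts:
            hits.append((webkit_to_utc(visit_time), host, url))
    return hits


def summarize(hits):
    """Per-host (first_seen, last_seen, visit_count) for the report timeline."""
    summary = {}
    for when, host, _ in hits:
        first, last, count = summary.get(host, (when, when, 0))
        summary[host] = (min(first, when), max(last, when), count + 1)
    return summary


if __name__ == "__main__":
    found = ai_visits(build_sample_history())
    for when, host, url in found:
        print(when.isoformat(), host, url)
    for host, (first, last, count) in summarize(found).items():
        print(f"{host}: {count} visit(s), {first.isoformat()} to {last.isoformat()}")
```

In practice the query is run against a copy of the History file extracted from the forensic image, never against the live browser profile.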
It is also critical to recognize that AI itself is not inherently harmful. Risk arises from its misuse, lack of oversight, or uninformed application. Therefore, alongside technical controls, companies must foster a culture of ethical AI use through clear policies, continuous education, and employee accountability. Developing and disseminating AI-specific training programs empowers employees to understand not only the functional aspects of AI but also the ethical, legal, and business implications of its use. Such training should cover topics including data privacy, intellectual property considerations, acceptable use, and bias mitigation. Ethical use agreements and internal awareness campaigns can further reinforce responsible behavior, placing shared responsibility on both the organization and its workforce.
On the reactive side, companies must be prepared to respond swiftly to potential incidents. Utilizing the Electronic Discovery Reference Model (“EDRM”), organizations can deploy litigation holds and document preservation strategies with minimal disruption. Digital forensic techniques complement these processes by enabling thorough investigations through metadata analysis, device event tracking, and the use of AI-detection tools such as GPTZero. Because AI-related content can be distributed across cloud storage, application logs, system metadata, and multimedia artifacts, a multidirectional forensic approach is essential for comprehensive risk assessment and incident resolution.
Effective AI governance demands a combination of proactive policies, technical enforcement, employee education, and forensic readiness. By integrating these components, businesses can harness the benefits of AI while safeguarding against its potential misuse.
Conclusion
AI presents both opportunities and challenges across various industries and legal spaces. While it enhances automation, decision-making, and efficiency, it also introduces legal, ethical, and security risks that organizations and the judiciary must address. If businesses and the legal profession are constantly playing catch-up to technological advances such as AI, they inherently lose sight of laying a sound foundation to govern their use. By implementing strict compliance policies, monitoring AI-generated content, and staying informed about evolving legal frameworks, businesses can work to harness AI’s potential while mitigating its inherent risks. As we look to the future, our considerations should focus on responsible usage, not exclusion. Understanding where and how to engage AI will effectively pave the road for businesses to ethically exploit AI in a safe and responsible manner.
This article is related to a CLE program titled “Forensic, E-Discovery, and Legal Compliance in the Brave New World of AI” that took place during the ABA Business Law Section’s 2025 Spring Meeting. To learn more about this topic, listen to a recording of the program, free for members.
[1] No. 1:20-cv-613-SB (D. Del. Feb. 11, 2025); see also Thomson Reuters Enter. Ctr. GmbH v. Ross Intel. Inc., No. 1:20-cv-613-SB (D. Del. May 23, 2025) (highlighting the importance and difficulty of legal questions about AI’s copyright implications when certifying the case for interlocutory appeal).
During the Clinton administration the U.S. Congress passed the Helms-Burton Act, also referred to as the Cuban Liberty and Democratic Solidarity Act of 1996. Title III of the Act permits U.S. citizens and corporations whose property was confiscated by the Cuban revolutionary government that took power in early 1959 to sue defendants profiting from their property. Title III did not go into effect immediately; its terms gave the president the discretion to suspend or activate it. In May 2019, President Donald Trump activated Title III for the first time in its history. An Eleventh Circuit decision in North American Sugar Industries, Inc., v. Xinjiang Goldwind Science & Technology Co. (No. 23-10126, slip op. (11th Cir. Jan. 2, 2025)) is one of a number of notable decisions in the lawsuits that have ensued since.
North American Sugar Industries, Inc. sued five defendants under Title III of the Helms-Burton Act, accusing them of “trafficking” their confiscated property. Three of the five defendants are corporations from East Asia—a Chinese wind-energy company and one of its subsidiaries (collectively, “Goldwind”), and BBC Chartering Singapore Pte Ltd.; DSV Air & Sea, Inc., is a Delaware corporation with its principal place of business in New Jersey; and BBC Chartering USA, LLC, is a Texas corporation with its principal place of business in Texas.
None of the defendants are Florida corporations. However, North American Sugar began this action in the U.S. District Court for the Southern District of Florida because, allegedly, the defendants participated in a conspiracy that “involved Helms-Burton trafficking from China, through Miami, Florida, and then to Puerto Carupano, Cuba.” The defendants moved to dismiss for lack of personal jurisdiction, which was granted. North American Sugar appealed to the Eleventh Circuit, which reversed and remanded on January 2, 2025.
When the revolutionaries seized control of the Cuban government on January 1, 1959, North American Sugar was one of the largest sugar producers in the world, with a large commercial shipping port in Puerto Carupano, Cuba. On July 20, 1960, the Cuban government confiscated the port and other properties. The Cuban government uses Puerto Carupano for its own activities.
North American Sugar is a New Jersey corporation. It filed a claim for its losses from the confiscation with the Cuba Claims Program of the U.S. Foreign Claims Settlement Commission (“FCSC”). In 1969, the FCSC certified a loss of over $97 million from the confiscation. Under the Helms-Burton Act, the FCSC’s certification of a claim is “conclusive” as to ownership and presumed correct as to value.
In order to ship certain products to Cuba that contained parts made by a U.S. company, the defendant East Asian Goldwind companies needed U.S. government export licenses. They concocted a plan to ship from Asia to Miami and then to Cuba. By transshipping the products through Miami, they received the U.S. government licenses—and, North American Sugar argued, triggered personal jurisdiction in Florida.
North American Sugar presented evidence that at least one defendant, DSV, engaged in trafficking activities in Florida, as follows: DSV’s Miami office was involved in planning the stops of two ships in Miami. DSV sent many emails about the Miami stops to Carol Scheid, DSV’s Miami-based customs broker. DSV documents related to the Goldwind companies’ shipments listed DSV’s Miami office as the source of the documents, with the DSV Miami office address and telephone number.
The Court of Appeals wrote that to the extent “the plaintiff’s complaint and supporting evidence conflict with the defendant’s affidavits,” the district court was required to “construe all reasonable inferences in favor of the plaintiff,” which it did not.
In addition, because North American Sugar alleged all the defendants participated in a conspiracy, Florida’s long-arm statute conferred personal jurisdiction over the BBC and Goldwind defendants even if none of them personally acted in Florida. Quoting an earlier case, the Court of Appeals noted, “Florida’s long-arm statute can support personal jurisdiction over any alleged conspirator where any other co-conspirator commits an act in Florida in furtherance of the conspiracy, even if the defendant over whom personal jurisdiction is sought individually committed no act in, or had no relevant contact with, Florida.”
Defendants in this case needed the merchandise to be transported through Miami on the way to Cuba in order to obtain the necessary U.S. government permits. However, by putting Florida into the picture they made themselves subject to the Helms-Burton Act inasmuch as part of the “trafficking” occurred on U.S. soil and subject to U.S. courts.
Succession planning is an inherently complex process that requires owners’ attention to their businesses’ immediate and long-term needs. This complexity is often more acutely felt in smaller professional firms that have limited financial resources and less bandwidth to dedicate to long-term strategic planning.
Smaller firms frequently encounter unique problems in their succession planning process. They are not always able to rely on financing mechanisms such as life insurance, retirement plans, or sinking funds, which are so often used by larger firms. They tend to be built around the individual preferences and relationships of their partners. Their methods of operation, compensation, and profit distributions frequently vary from year to year and are often adjusted based on isolated, nonrecurring events rather than consistent policies.
Beyond operational hurdles, firms navigating succession planning must also address the complexities related to valuation. Unlike other business entities, where value might reside in retained capital or tangible assets, the true worth of most professional firms lies in their client base and reputation, the skills of individual partners, and their potential to generate future revenue. This lack of tangible assets makes valuing a small or mid-size professional firm inherently more challenging, particularly when comparable transactions or multiples of value—common in large, publicly traded companies—are unavailable. For this reason, smaller firms tend to rely on one-time, arbitrary values for individual transactions. While such tactics allow small firms to be nimble, they hinder the development of consistent, methodical approaches to partner buyouts. They can also strain the firm’s finances, especially when payments to the departing partner are derived entirely from the firm’s future earnings.
A struggle common to all professional service firms, regardless of their size, is taxation. The choice of buyout structure (direct sale of the departing partner’s interest to other partners versus redemption by the firm of the departing partner’s share of total assets) impacts the tax outcomes and creates conflicting interests for the parties involved. An additional tax impact arises when the buyout includes payments for the departing partner’s share of goodwill or accounts receivable, as such payments trigger the recognition of ordinary income for the departing partner rather than the more favorable capital gain.
Without methodical preparation and thoughtful structuring of the underlying legal transaction, a partner’s departure or retirement can become a disruption that negatively impacts the firm’s financial stability and long-term prospects. Yet, despite being aware of these challenges, many firms still neglect to address them proactively. Partnership agreements, particularly those adopted early in the firm’s operation, often prioritize immediate concerns, such as management and profit-sharing, over the seemingly less pressing issues of partner withdrawals. Additionally, many buyout provisions lack the specificity and flexibility required to generate sufficient liquidity for the firm to fund a partner’s buyout.
This article provides an overview of the most popular buyout approaches that facilitate partner transitions. This overview does not address the tax issues surrounding each type of buyout or the valuation and accounting implications of the selected approach. The terms “partnership,” “partner,” “partnership agreement,” and “interest” are used generally and do not imply a specific legal or tax classification of a professional services firm.
External Financing
External financing (e.g., bank loans, lines of credit, or loans from specialty finance companies focused on professional services) to fund a partner buyout offers several key advantages, primarily centered around providing immediate capital and financial stability for the firm. Outside funding avoids the uncertainty associated with dependence on the firm’s future performance and allows it to continue its operations without depleting its cash reserves. These reserves can instead be utilized for other purposes, such as investing in essential technology upgrades, hiring key personnel, or pursuing initiatives that accelerate the firm’s growth.
Another significant advantage of external financing is a clean separation between the firm and the departing partner. The retiring partner has immediate access to funds, while the firm benefits from a complete disengagement of the departing individual from the firm’s ongoing operations.
One of the primary drawbacks of external financing is its substantial long-term cost. Some loans may contain less than favorable financing terms, including personal guaranties or shorter repayment periods. Restrictive covenants such as limits on future debt, capital expenditures, or partner distributions may constrain the firm’s operational decisions and impair its creditworthiness. Many traditional banks hesitate to offer partner buyout loans due to the lack of tangible collateral. Finally, the time-consuming process of a lender’s due diligence review might not align with the desired timeline for a partner’s departure. As a result, many firms may have no choice but to fall back on other arrangements.
Payment in Installments
Payment in installments is the simplest and, thus, most frequently used mechanism for all types of buy-sell arrangements. Professional services firms usually fund partnership redemptions from their ongoing revenue streams rather than accumulated capital. Payment in installments mitigates the financial strain on the firm by avoiding immediate cash outflows that could disrupt operations or hinder growth. The firm’s obligations are evidenced by a promissory note detailing the payment amount and terms, such as interest rate, payment schedule, and maturity date. The note can be secured to provide the departing partner with recourse if the firm defaults. Common security arrangements include:
a pledge of the stock or membership interest purchased from the departing partner
personal guarantees of the remaining partners
liens on specific assets such as real estate or significant equipment (less common in the context of professional service firms, which typically do not possess substantial tangible assets)
The firm can use various approaches to manage its debt service and cash flow during the note repayment period. These include a cap that limits the total annual payout or a payment suspension clause, which permits deferral of principal payments during periods of economic downturn. Any amount that the firm cannot pay in a single year due to the cap or suspension would be rolled forward to the following year. Other details that the parties should address when using such arrangements include triggering conditions (e.g., a drop in revenue below a specified threshold), the duration of the relief period, the applicable interest rate, and the method for making up missed payments.
Payment in installments enhances a firm’s financial stability. Through proper cash flow planning and allocating a certain percentage of the firm’s revenue toward the buyout payments, the partners can neutralize the effect of unexpected difficulties, allowing the firm to navigate periods of financial hardship without default.
Earnout Arrangements
An earnout is a form of deferred payment that the seller receives from the buyer only when specific performance targets are met post-closing. In a scenario involving a partner’s buyout, the selling partner agrees to make a portion of their payout contingent on the firm’s future performance.
Earnouts are especially effective when the firm’s future financial performance is uncertain or when the departing partner’s continued involvement, even if temporary, is critical for the firm’s ongoing success, for example, to facilitate the transition of key client relationships or preservation of institutional knowledge. Partners who are compensated in the form of an earnout often stay with the firm in a part-time, consulting, or support role to ensure seamless handover of responsibilities and help maintain the firm’s stability during the transition.
Earnouts are also attractive for other reasons:
They offer financial flexibility because a portion of the payment is tied directly to the retained revenue or profit of the firm. Such an arrangement protects the firm if client retention or revenue drops significantly after the transition.
They help reconcile differing opinions between the departing partner and the firm on the value or prospects of the business.
If the firm performs well, the departing partner may earn more than a fixed buyout price that might have been offered in the absence of an earnout.
In a typical earnout arrangement, the departing partner receives an initial portion of their payment in cash upfront. This payment partially mitigates the risk associated with the contingent payout. The firm’s achievement of the agreed-upon performance metrics triggers payments of the remaining balance during the earnout period, which typically lasts from one to five years. The length of the earnout period depends on factors such as the stability of the firm’s business, the time required to transition client relationships, the role of the departing partner, and the complexity of the chosen metrics. For instance, a firm with stable, predictable revenue might opt for a shorter timeframe than one with volatile, project-based income.
Commonly used performance metrics include revenue and profitability targets. Revenue targets can be based on the total revenue generated by the firm, revenue from the departing partner’s practice area, or revenue from specific client accounts historically managed by the departing partner. Revenue targets are popular because they are relatively simple to use. However, they do not reflect the actual profitability of the firm because they account for total income before expenses.
Profitability targets, on the other hand, better reflect the firm’s overall financial health and ability to pay, as metrics such as EBITDA, net profit, or profit per partner are directly linked to the firm’s bottom line. Another common metric is client retention, where payments are contingent on retaining a certain percentage of key clients associated with the selling partner for a specified period. Nonfinancial metrics are used less frequently, typically when the partner’s continued involvement is critical for achieving a specific strategic goal, such as securing a major contract, successfully integrating a practice group, or closing a joint venture deal.
Metrics used in earnout provisions should be objective, measurable, and based on reasonable assumptions and realistic projections. For any metrics to work effectively, they should be structured to prevent artificial inflation or deflation of expenses by addressing details such as the treatment of extraordinary expenses, intercompany charges, or changes in accounting policies. Simple calculations based on readily available data are preferable because they reduce the potential for manipulation or misinterpretation.
The parties can structure an earnout payment as a fixed amount, a percentage of the target achieved, or an agreed-upon formula that will be paid in periodic installments or a single lump sum at the end of the earnout period. To manage risk, the departing partner may (and should) insist on receiving a minimum guaranteed earnout payment (a “floor”). Conversely, the firm may seek a maximum payout limit (a “cap”) to avoid unexpectedly large payouts due to unforeseen successes potentially unrelated to the departing partner’s contributions.
Other protections for the departing partner include:
extension of the earnout period if the guaranteed minimum is not met within the original timeframe due to specific, predefined circumstances
acceleration that requires immediate payment of the remaining potential earnout or guaranteed floor upon certain events, like a change in control of the firm or the departing partner’s death
audit rights preserving access to the firm’s books and records to verify the calculation of the performance metrics and dispute resolution methods for resolving disagreements on the payout calculation
Earnouts are not without drawbacks. Their contingent nature makes them a less desirable solution for buyouts related to retirement, where a departing partner seeks financial certainty and disengagement. They expose the departing partner to a significant risk by tying the payout to the firm’s future performance, which the partner no longer controls. External factors, regulatory changes, serious mismanagement, or strategic shifts by the remaining partners could all jeopardize the earnout payment. Nevertheless, earnouts are often the only viable method for providing buyout funding in smaller firms.
New Partner Buy-Ins
Another strategic approach to funding a partner buyout involves bringing in a new partner, either through an internal promotion or external hire. This new partner purchases the departing partner’s equity interest. This strategy provides both a funding source for the buyout and an opportunity for the firm to inject new talent, specialized expertise, or valuable client relationships into the firm. The new partner’s buy-in is especially attractive for businesses looking to grow new practice areas or expand their service offerings. However, this approach may significantly impact the firm’s ownership structure, culture, and internal dynamics and, as such, requires careful planning and execution.
The process of admitting new partners involves several key steps. First, the partners must identify potential candidates, assess their alignment with the firm’s culture, and perform any necessary due diligence. Next, they need to determine the value of the departing partner’s equity interest and structure the corresponding buy-in payment. Valuation methods vary widely and might include formulas already defined in the partnership agreement (e.g., based on book value, multiples of revenue or earnings, or a fixed amount) or an independent third-party valuation.
The buy-in payment may reflect only the value of a percentage interest in the business or might include a corresponding capital contribution or a pro rata buy-in for the new partner’s share in unbilled work in progress and accounts receivable. Since paying the full purchase price in cash can be a barrier for younger partners, many firms allow new partners to pay for their equity stake over time, typically through deductions from their future profit distributions or compensation.
New partner admission typically requires the consent of all (or a supermajority of) the remaining partners. Securing this consent can be a hurdle, especially if the admission significantly shifts governance control, decision-making power, strategic direction, or profit distribution formulas in ways that make some existing partners uncomfortable. Once consent is received, the partnership agreement is updated to reflect the agreed-upon terms, including the new partner’s initial capital contribution (if any, beyond the equity purchase), percentage of ownership, voting rights, profit and loss allocation, distribution entitlements, and specific roles and responsibilities within the firm.
New partner buy-ins can be highly complex, especially for firms with tiered partnerships, complex capital accounts, vesting schedules, and mandatory retirement policies. Despite these potential complexities, a well-crafted approach can deliver a fair and balanced result for all parties while facilitating a smooth transition.
Best Practices
The goal of succession planning is to ensure smooth, fair, and predictable ownership transitions based on objective parameters. To achieve this goal, professional services firms should adopt best practices when designing partner entry and exit strategies.
The first and most critical step is developing a comprehensive partnership agreement. This agreement should clearly outline triggering events for withdrawals (retirement, death, disability, voluntary departure, termination for cause), funding sources, and procedures, including advance notice requirements, clear valuation methods, and payment terms. Other important provisions include terms for new partner admissions and, where applicable and legally permissible, noncompete, nonsolicitation, and nondisclosure covenants restricting the departing partner.
Partners should periodically review and update the partnership agreement—for example, every three to five years or upon significant changes—to reflect evolving business circumstances, partners’ expectations, and legal and regulatory requirements.
However, a robust agreement alone is not sufficient to successfully navigate partnership transitions. Professional services firms should treat succession planning as an ongoing strategic process rather than a reaction to a partner’s imminent departure. Mentorship, talent development, open communication, and collaboration among partners regarding terms of transition are key to minimizing conflicts and building consensus. Experienced tax, legal, and financial advisors specializing in professional service firms can help design, draft, and implement exit and buy-in strategies that are legally sound, financially viable, and tax-efficient and thus protect the interests of all parties involved. By proactively addressing these elements, professional service firms can navigate partner transitions more effectively, preserving the stability of their firm and setting the stage for future success.
The current political environment may be an exceptional chance to see our system of government in action, and understand “separation of powers” and the role of the federal judiciary.
Many are dismayed by the actions of the current administration. However, the outcries and outrage—the statements by those who say our democracy and government are being destroyed—may be causing their own kind of harm.
Mainstream broadcast media and social media messaging that questions the independence and integrity of the federal judiciary, including the U.S. Supreme Court, may be contributing to the erosion of confidence in the federal judiciary and Supreme Court reflected in public opinion surveys. And with an erosion of trust, it is more likely that members of the public will say it is okay to ignore the courts’ rulings. To uphold the rule of law, however, we must understand and respect all three branches of government and ask them to do their jobs.
Our forebears set up our government to address situations like we see today.
The founders of the United States foresaw, and experienced, disagreements and advocacy that were chaotic, disrespectful, and viewed as undemocratic. Thus they established a system of government, reflected in the Constitution, that provides for an independent judiciary to adjudicate disputes regarding the actions of the executive and legislative branches of our government. This third branch of government—the independent judiciary—would determine the legality of the actions of the executive and legislative branches under the laws and Constitution of the United States. Ultimately, the U.S. Supreme Court decides the law of the land, whether actions are permissible—that is, consistent with the Constitution—or not.
The executive and legislative branches need not agree, nor must they fail to aggressively pursue their desired policies through executive or legislative actions. But the members of these branches are required to recognize and honor the decisions of the federal judiciary regarding the legality of actions and the law of the land.
Positions and actions of the executive branch or the legislative branch—the president or Congress—may be viewed as unlawful by the other branch; however, the executive or legislative branch may take actions and pursue them aggressively until the action is found to be unconstitutional or otherwise unlawful by the independent judiciary. That is the way our system is structured and the way it works.
Thus, the president and his cabinet members—and even those with roles we may not understand—may take even outrageous positions and actions until the action is found to be unlawful under the Constitution or other applicable law.
Our judiciary—the third branch of government—must be allowed to do its job and respected for doing so. We may not like a judicial decision, but we must follow and respect it. When a decision is made that a party does not agree with, the appropriate action is to appeal the decision—not ignore the decision, or attack the judge(s) who made it and seek their removal or impeachment.
Remember that advocacy and disagreement led to the creation of this great nation, led to many of the changes and advancements over the years since, and will continue to do so as we move forward. Our system is not perfect, but “E pluribus unum” (“Out of many, one”) and “United we stand, divided we fall” must be principles we live by as we move forward. We are united as one under the Constitution to pursue life, liberty, and the pursuit of happiness for all citizens—collectively as a nation and a people, not as one individual, group, or party as opposed to another.
We will always have groups and leaders who will try to divide us in order to control us and destroy us, to destroy the collective “one” that we are as a unified nation. However, we are free not to fall into this trap, free to put the collective, unified one, our nation, above the many. If we are united in support of the one, we succeed, and those who seek to divide, control, and destroy us as individuals will fail.
We, humans, created our system of government, with our free will, our prejudices, frailties, and failings. We must thus take responsibility for ensuring the system is understood and operates for all of us. Each of us as citizens must accept the responsibility to participate and protect the collective—our government and way of life.
How do we do this? As a start, we can ensure that we, and our friends and neighbors,
understand the way our government works—the three branches of government and how they interact to govern and ensure the success of our country;
understand our role as citizens (and attorneys) with respect to each branch, and how we can stay engaged and take action to ensure we fulfill our responsibilities;
understand the issues that are important to us, where those issues are within the government, and how we can get involved and participate; and
do something about those issues and responsibilities.
It can feel difficult to “do something,” but it can help to take a step back and focus your energy.
Decide what you want: What is important to you? What is the issue, and what do you want to happen? Try not to simply get upset, check out, or give up.
Slow down and think about the issue or problem and what you would like to see happen. Learn more, or discuss productively with others rather than making angry posts.
Simplify the problems, solutions, and actions: Work to break things down to where there is something that can be done. Don’t let the complexity of an issue overwhelm you and make you feel helpless; there is always a place to start.
Take action: Execute your plan. Start with small actions and steps to get the ball rolling.
We can each be a part of supporting the independent judiciary and the rule of law, and of working for change in a way that maintains respect for our system of government.
This article is part of a series on the rule of law and its importance for business lawyers created by the American Bar Association Business Law Section’s Rule of Law Working Group.
The views expressed herein are solely those of the author and are not necessarily those of the author’s employer, the American Bar Association, or the Business Law Section.
This is the fifth installment in the Year in Governance Series from the In-House Subcommittee of the ABA Business Law Section’s Corporate Governance Committee. Each month, the series will share key tips on a different corporate governance topic. To get involved in the Corporate Governance Committee, please visit the committee’s webpage.
A message from Kathy Jaffari: “As Chair of the Corporate Governance Committee, I would like to extend my sincere appreciation to the authors for this publication. The Corporate Governance Committee has ongoing opportunities for writing and volunteering with various projects, whether it’s an article you want to publish or a CLE that you want to present. Our Committee is dedicated to helping you promote informative resources for corporate governance practitioners. You may contact me at [email protected] to get involved.”
Conflicts of interest undermine a director’s duty of loyalty, erode trust and effective decision-making, and create litigation and enforcement risk. Directors should identify, disclose, and manage any conflicts of interest to maintain the integrity and effectiveness of a board. It is essential to meticulously document conflicts of interest and efforts to overcome these conflicts in order to protect both the company and its directors.
Draft a conflicts of interest policy. Directors need to know the types of conflicts that could arise, such as direct and indirect financial conflicts, dual representation, corporate opportunity, confidentiality, and personal interest. Draft and circulate a comprehensive policy that describes what constitutes a conflict, establishes a disclosure protocol, and lays out procedures for managing conflicts. The policy should also explain what is considered a material conflict.
Ask about conflicts, to facilitate disclosure. The director onboarding process will initially identify conflicts, but that is just the beginning. Directors should complete disclosure forms (typically D&O questionnaires) at least annually, and consider requiring directors to update their disclosures whenever their circumstances change.
Talk about conflicts, to cultivate culture. If you talk regularly about the importance of early and fulsome disclosures, then you will help create a culture where directors identify potential conflicts before they become a problem. You can place a brief disclosure statement at the top of every meeting agenda, or just remind directors before each meeting of how important it is to disclose any material conflicts.
Recuse conflicted directors. When there is a conflict—when a director’s interest could reasonably be expected to influence judgment—recuse that director, immediately. Exclude the director from deliberations (the meeting), decisions (the voting), and information (the minutes, although you can provide a redacted version). The minutes should reflect these efforts in order to record your compliance.
Manage board communications to restrict access when necessary. After asking the director with a conflict of interest to leave the room, use the available technology to restrict the information shared with that director by monitoring what is placed on the director’s portal or revising access controls. If it is necessary to maintain confidentiality, consider using separate counsel and advisors. Make sure to consider the timing of disclosures to the full board after committee deliberations.
When board independence is in doubt, consider forming a special committee. A special committee (made up of independent, disinterested directors) might be appropriate when, for example: multiple (or even a majority of) directors have conflicts; the transaction under consideration will be reviewed under the entire fairness doctrine; the board anticipates litigation related to the decision; or the proposed transaction involves a controlling shareholder. The special committee needs the authority to do its job properly, so it should be formed early, truly independent, and authorized to make decisions (including saying “no”). Keep in mind that the special committee may need separate counsel and advisors.
Consider whether a special committee is worth the trouble. A special committee likely brings inherent challenges that require careful consideration. It is costly. It creates delay. And it may generate the perception that there is more concern than exists or is warranted. Unfortunately, that perception alone could lead to litigation rather than help avoid it. Consider whether recusal of the interested directors would adequately address the conflict.
Address conflicts in related-party transactions. Related-party transactions bring higher scrutiny, as the standard of review examines both the process (i.e., “fair dealing”) and the economic terms (i.e., “fair price”). Using additional safeguards, such as approval from a special committee and a majority-of-the-minority vote, may help shift the burden of proof. You should also disclose all material facts, consider engaging third-party valuations or fairness opinions, and document the business rationale, among other things. Required disclosure of these transactions in Securities and Exchange Commission filings leaves them open to enhanced scrutiny.
Guard corporate opportunities closely. A strong conflict of interest arises when a director diverts a corporate opportunity. To avoid this, draft and adopt a policy that defines the company’s “line of business,” establish a formal process to determine if an opportunity belongs to the corporation, and document when the company declines to pursue an opportunity.
Leverage independent advisors. Use disinterested advisors to help a special committee, or the full board, to craft a rigorous process and establish fair-price credibility. Such advisors can be bankers, valuation experts, or outside counsel. Get them involved early in the process. It may be helpful to vet candidates beforehand so that you have a bench to draw from when the expected (or unexpected) time comes.
The views expressed in this article are solely those of the authors and not their respective employers, firms, or clients.
India’s first standalone data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”),[1] is poised to soon come into force. To facilitate its implementation, the Ministry of Electronics and Information Technology recently issued draft Digital Personal Data Protection Rules, 2025 (“Draft Rules”)[2], which provide guidance on implementation of several key provisions of the DPDPA. The Draft Rules were issued for public consultation till March 5, 2025. After consideration of industry feedback, it is expected that the government may notify the Draft Rules in the coming months, bringing the DPDPA formally into force.
Because of the DPDPA’s extraterritorial reach, businesses around the world need to prepare for its significant impact. Among the critical aspects of the new data protection law are provisions on cross-border data transfers and data localization, requirements for processing of children’s data, personal data breach notification obligations, and heightened obligations for “significant” data fiduciaries. At a macro level, global businesses will need to assess the DPDPA’s applicability to them and update their technological infrastructure and documentation to comply with the new requirements. “Consent managers,” a new category of entity introduced by the law, may need to be onboarded and integrated to manage data subjects’ consents, and data privacy notices will need to be revisited to ensure they provide the DPDPA’s requisite disclosures. At a business level, data sharing arrangements with vendors and group companies will also need to be reconsidered in light of the DPDPA.
Overview and Extraterritorial Application
The DPDPA introduces several compliance requirements for collection and processing of personal data, whether collected in digital form or collected and subsequently digitized.[3] “Personal data” broadly includes “any data about an individual who is identifiable by or in relation to such data.”[4] The provisions of the DPDPA do not apply to personal data processed by an individual for “any personal or domestic purpose,” or to personal data that is made or caused to be made publicly available by (a) the “Data Principal” (akin to “data subjects” under other jurisdictional frameworks) to whom such personal data relates, or (b) any other person who is under a legal obligation to make personal data publicly available.[5]
The DPDPA applies not only to entities processing personal data within India but also to those outside India if such processing is in connection with any activity related to offering of goods or services to individuals (i.e., Data Principals) within India.[6] This provision is comparable to global frameworks like the European Union’s General Data Protection Regulation (“EU GDPR”), which applies extraterritorially to non-EU businesses that offer goods or services to, or monitor the behavior of, individuals located in the EU.[7] International businesses that do not have a physical presence in India but target and serve Indian consumers, such as e-commerce websites and digital platforms, will need to comply with the DPDPA.
Consent and Notice Requirements
One of the core principles of the DPDPA is obtaining consent from Data Principals for processing their personal data. “Data Fiduciaries” (akin to “data controllers” under other jurisdictional frameworks) must provide clear, standalone notices in English or any official Indian language,[8] detailing the purpose of data collection, the types of data processed, and the rights of Data Principals.[9] The Draft Rules do not prescribe a rigid template or format for the notice, allowing flexibility for Data Fiduciaries to design their notices so long as other requirements are satisfied. However, the notice cannot be combined with other documentation such as an end-user license agreement, general terms of service, or other website policies.[10]
Under the DPDPA, Data Fiduciaries are required to provide similar notice to Data Principals, as soon as “reasonably practicable,” regarding data for which consent for processing was obtained prior to the enforcement of the Act.[11] However, the Draft Rules do not specifically prescribe separate notice requirements for these existing datasets. In the absence of detailed guidance, it may be sufficient, in certain cases, for a public notice to be issued on the Data Fiduciary’s websites or apps.
An operational aspect of concern for these notices is the language requirement. It would simplify implementation if the government were to allow notices to be accessible in the language in which the platform is supported or made available to the Data Principals, to prevent unnecessarily onerous translation requirements.
Consent Managers
Unlike the EU GDPR, which permits data processing on some relatively broad bases such as legitimate interest, the DPDPA relies primarily on consent-based processing, with limited instances of legitimate uses such as for employment.[12] This approach imposes a greater burden on organizations to ensure user-friendly and transparent consent mechanisms. Against this background, it is relevant to note that the DPDPA introduces the novel concept of “Consent Managers.”[13] These are entities registered with the Data Protection Board of India[14] that provide Data Principals a platform to manage, review, and withdraw their consent.[15] These Consent Managers must maintain robust technical and organizational safeguards to ensure transparency and data security.[16]
While the introduction of Consent Managers may alleviate compliance burdens for Data Fiduciaries, it also creates a potential bottleneck if the regulatory framework for their operation is not adequately developed. Furthermore, it would be useful to clarify whether Consent Managers, which operate as independent entities and businesses from Data Fiduciaries, should themselves be considered Data Fiduciaries, or even Significant Data Fiduciaries.
Significant Data Fiduciaries
The DPDPA introduces the concept of “Significant Data Fiduciaries” (“SDFs”), a subset of Data Fiduciaries that will be designated by the central government based on an assessment of “such relevant factors as it may determine,” such as the volume and sensitivity of the data they process.[17] SDFs are subject to enhanced compliance obligations, including mandatory data protection impact assessments, audits, and appointment of a dedicated Data Protection Officer[18] to oversee compliance. SDFs may also be required to implement additional security measures, maintain detailed processing records, and observe strict data governance protocols. Furthermore, they may be restricted from transferring certain categories of personal data outside India (discussed below).[19] Businesses operating as SDFs must proactively assess their data processing activities and prepare to meet these heightened regulatory requirements. It is likely that big tech and large, consumer-facing health care, finance, and IT companies could be notified as SDFs, though the exact criteria that the government may use to notify Data Fiduciaries as SDFs are not clear.
Cross-Border Data Transfers
One of the major concerns under the DPDPA and the Draft Rules for multinational businesses is the regulation of cross-border data flows. The DPDPA permits the transfer of personal data outside India unless the government specifically restricts certain jurisdictions.[20] Unlike some stringent data localization laws, the DPDPA does not impose blanket prohibitions but retains the authority to designate restricted territories.
This regulatory approach offers some flexibility for businesses engaged in global data processing while ensuring that transfers remain subject to oversight. However, the government may prescribe additional compliance measures for transfers to certain jurisdictions,[21] such as requiring contractual clauses, data protection impact assessments, or approvals from regulatory authorities. The government may also impose additional compliance requirements on notified SDFs depending on the nature of personal data processed by the SDF and the recipient jurisdiction.[22] Organizations transferring data outside India should be prepared for these potential requirements and must stay updated on government notifications regarding restricted countries and additional conditions applicable to data transfers.
A key question is whether these restrictions will align with existing global frameworks and compliance with foreign law obligations. Companies operating across multiple jurisdictions may face conflicting compliance obligations depending on specific restrictions that may be introduced under the DPDPA. This could create operational challenges for global data-sharing frameworks, necessitating the adoption of a modular approach to data governance, which enables jurisdiction-specific adjustments while maintaining overall regulatory consistency.
Data Localization Requirements
While the DPDPA generally allows data transfers, the Draft Rules introduce provisions for potential data localization requirements, particularly for SDFs. These entities may be subject to specific data storage and localization mandates.[23] A government-appointed committee will determine categories of personal data processed by SDFs that must be stored within India.[24] This could impact global enterprises, particularly those in sectors like finance, health care, and technology, where handling sensitive personal data (often across borders) is integral to operations. Apart from personal data, localization requirements may extend to traffic data pertaining to the flow of personal data,[25] which can include logs and transactional records, meaning businesses must implement robust infrastructure to ensure compliance. Companies must assess whether they are likely to fall within the SDF category and prepare for potential localization obligations by revising their data storage strategies.
These regulations could impact multinational companies that rely on global data centers and cloud services for their business operations. For companies that use global analytics and services driven by artificial intelligence, data localization can introduce significant inefficiencies. Localization mandates may result in increased costs for infrastructure deployment and operational inefficiencies due to the inability to process data across borders. Additionally, concerns have been raised regarding whether localization measures genuinely enhance data security or merely create operational and economic hurdles.
Personal Data Breach Reporting Obligations
Under the DPDPA, organizations must promptly report personal data breaches.[26] The law requires that both affected individuals and the Data Protection Board of India be informed without delay upon discovering a breach.[27] Additionally, within seventy-two hours of an organization’s becoming aware of the breach, a detailed report of the breach must be submitted to the Data Protection Board.[28]
This requirement aligns with international best practices, such as the EU GDPR, but lacks a materiality threshold. Every breach, regardless of its impact, must be reported. This could lead to an increased compliance burden for businesses, necessitating highly robust cybersecurity frameworks and breach detection mechanisms. The lack of a materiality threshold also raises concerns about regulatory fatigue. If organizations are required to report even minor breaches, regulators may be overwhelmed with notifications, reducing their ability to focus on critical threats. Businesses may also face reputational risks from excessive breach disclosures to multiple stakeholders, even in cases where no harm occurs.
In any case, organizations must establish internal protocols for incident detection, assessment, and reporting. Given that breach notifications may also be required under other laws, such as general[29] and sector-specific cybersecurity regulations (such as in the banking or the insurance sector), companies should harmonize their reporting obligations to avoid duplication and ensure efficiency.
Additional Considerations
Data Security: Subject to a few minimal restrictions, Data Fiduciaries are allowed to implement the security standards and procedures of their choice to protect the personal data they process.[30] These safeguards are required to include making sure that the right data security measures (such as encryption, obfuscation, or mapping personal data to tokens) are implemented; access control mechanisms are in place; logs are maintained and routine monitoring is conducted to identify instances of unauthorized access; and more.[31]
Children and Persons with Disabilities: In relation to processing of personal data of children and persons with disabilities, there are additional requirements for obtaining verifiable consent from the parent or the legal guardian, respectively, where applicable.[32] The mode of seeking verifiable consent is left to the discretion of the Data Fiduciary.[33] Neither the DPDPA nor the Draft Rules require the Data Fiduciary to investigate the ages of its users to ascertain that they are in fact not children, or to investigate the relationship between child and purported parent. The DPDPA and Draft Rules appear to rely upon self-identification by a user as a child, or by a parent, for the compliance obligations to be triggered.
Retention: According to the DPDPA, personal data must be deleted as soon as it is reasonable to believe that the specified purpose for processing the personal data is no longer being fulfilled.[34] The Draft Rules specify time frames for the processing of personal data for particular purposes by e-commerce entities, online gaming intermediaries, and social media intermediaries (that meet the prescribed user thresholds).[35] They lay out a three-year term from the enforcement of the Digital Personal Data Protection Rules, 2025, or the last time the Data Principal approached the Data Fiduciary to execute the specified purpose or exercise their rights, whichever is later.[36] There is no guidance on the manner of ascertaining when the specified purpose is no longer being served for other Data Fiduciaries. In the absence of a specific timeline, Data Fiduciaries will have varying standards to determine erasure of personal data. Further, it is unclear why a timeline has been prescribed for only these three classes, as opposed to other Data Fiduciaries, such as those in possession of large volumes of personal data.
Conclusion
Feedback and comments from the industry submitted during the public consultation period are presumably under consideration by the Indian government. Based on recent media reports, it was expected that the DPDPA and the Draft Rules would be finalized for implementation by April 2025.[37] However, as of mid-May 2025, neither the DPDPA nor the Draft Rules have been brought into effect. As the rules are finalized, businesses must assess their current data protection practices based on their industry and the type of personal data they handle. Principles of purpose limitation, collection limitation, and storage limitation are enforced through the DPDPA and Draft Rules and should be enforced by businesses. Compliance will require updating technological systems, internal processes, and documentation. SDFs engaged in cross-border data sharing may face localization challenges, necessitating adjustments to their data transfer arrangements. A critical consideration for businesses is the significant penalties prescribed under the DPDPA, which start at approximately USD 6 million and go up to approximately USD 30 million, depending on the nature of violation.
While the Draft Rules offer flexibility by avoiding rigid standards, several critical aspects, such as SDF designations, data transfer restrictions, and details for obtaining verifiable consent for children’s personal data, remain undefined. These details are likely to be addressed once the final rules are released or subsequently through government-issued FAQs.
Article 3(2), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1 [hereinafter EU GDPR].
DPDPA §§ 5(3), 6(3). Please note that there are twenty-two languages recognized as official under the Eighth Schedule to the Constitution of India: Assamese, Bengali, Bodo, Dogri, Gujarati, Hindi, Kannada, Kashmiri, Konkani, Maithili, Malayalam, Manipuri, Marathi, Nepali, Oriya, Punjabi, Sanskrit, Santhali, Sindhi, Tamil, Telugu, and Urdu.
DPDPA § 2(g) (“‘Consent Manager’ means a person registered with the [Data Protection] Board [of India], who acts as a single point of contact to enable a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform.”).
The Draft Rules prescribe the conditions for registration of a Consent Manager under Part A of the First Schedule and enumerate the obligations applicable to the Consent Manager under Part B of the same Schedule.
DPDPA § 10(1) (“The Central Government may notify any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary, on the basis of an assessment of such relevant factors as it may determine, including—(a) the volume and sensitivity of personal data processed; (b) risk to the rights of Data Principal; (c) potential impact on the sovereignty and integrity of India; (d) risk to electoral democracy; (e) security of the State; and (f) public order.”).
DPDPA § 2(u) (“‘[P]ersonal data breach’ means any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data”).
In particular, this refers to the obligation to report cyber-security incidents to the Indian Computer Emergency Response Team in accordance with the provisions of the Information Technology Act, 2000.